Security News

  • Security updates for Tuesday
  • EU updates smartphone secure development guideline

    The European Union Agency for Network and Information Security (ENISA) has published an updated version of its Smartphone Secure Development Guidelines. The document details the risks faced by developers of smartphone applications and describes ways to mitigate them.

  • CloudLinux 7 Users Get New Beta Linux Kernel Update That Addresses CVE-2017-6074

    CloudLinux's Mykola Naugolnyi announced today the availability of a new Beta kernel for the CloudLinux 7 operating system series, which patches a recently discovered critical security flaw, CVE-2017-6074: a double free in the Linux kernel's DCCP implementation that an unprivileged local user can exploit to gain root.

  • Linus Torvalds shrugged off warnings about 'insecure' SHA-1 in 2005

    Linux founder Linus Torvalds was warned in 2005 that using the SHA-1 hash to identify objects and commits in Git (and therefore in the Linux kernel's source history) was insecure, and was urged to shift to something better protected, but rejected the advice outright.

    Free software evangelist John Gilmore warned Torvalds that "SHA1 has been broken; it's possible to generate two different blobs that hash to the same SHA1 hash".

    Gilmore penned his warning to Torvalds in April 2005, when MD5 had already been cracked and SHA1 remained "hard to crack" - but still crackable. At that point the break was a theoretical attack costing roughly 2^69 operations; a practical collision only arrived with Google's SHAttered result in February 2017.

  • Subversion SHA1 Collision Problem Statement — Prevention and Remediation Options

    You probably saw the news last week that researchers at Google had produced a practical SHA-1 collision: two PDF files with differing content that hash to the same SHA-1 value. If you are following this story then you may have also seen that the WebKit Subversion repository broke after a user committed these example files so that they could be used in test cases for SHA-1 collisions. Subversion deduplicates stored content by SHA-1 checksum, so the second file was treated as a copy of the first, and checkouts then failed their integrity checks.

  • making git-annex secure in the face of SHA1 collisions

    git-annex has never used SHA1 by default. But there are concerns about SHA1 collisions being used to exploit git repositories in various ways. Since git-annex builds on top of git, it inherits git's foundational SHA1 weaknesses. Or does it?

  • SSH Fingerprint Verification via Tor

    By default OpenSSH (really, are there any other implementations?) relies on Trust On First Use for fingerprint verification: the host key presented on the first connection is accepted and only checked against known_hosts on later ones.

    Verification can be especially problematic when using remote services like VPS or colocation, where you have no physical access to read the fingerprint from the machine.

    How can you trust that the initial connection isn't being Man In The Middle'd?

  • Almost all Windows vulnerabilities are enabled by liberal 'admin rights'

    Nearly all of the vulnerabilities that affect Microsoft's Windows operating system could be mitigated through a little careful control of user privileges.

    Avecto, a security company, is the source of the latest revelation in this direction, and it says that 94 per cent of the critical vulnerabilities Microsoft patched in 2016 could have been killed off if admin rights had been removed from the affected computer.

    This makes a lot of sense: code that runs with only a standard user's rights cannot change the system in ways that user could not, so exploiting a bug in it gives an attacker no more than that user already had. 94 per cent is just one example of the difference that can be made, and Avecto says that in the case of Internet Explorer 100 per cent of the critical vulnerabilities are mitigated when admin rights are removed. Note that the figure counts vulnerabilities whose Microsoft bulletin says accounts with fewer rights are less affected; it says nothing about a separate local privilege escalation bug chained after the initial compromise.

  • More on Bluetooth Ingenico Overlay Skimmers

    This blog has featured several stories about “overlay” card and PIN skimmers made to be placed atop Ingenico-brand card readers at store self-checkout lanes. I’m revisiting the topic again because a security technician at a U.S.-based retailer recently shared a few photos of several of these devices pulled from compromised card terminals, and the images and his story offer a fair bit more detail than in previous articles.
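The Git, Subversion and git-annex items above all turn on how each system names content. The following added example (not code from Git, git-annex or any of the articles linked here) computes a Git object id the way Git does, hashing a header "<type> <length>\0" together with the content, first with SHA-1 and then with SHA-256, and beside it a content key in the shape git-annex's SHA256 backend uses. The exact "SHA256-s<size>--<hex>" key layout is assumed from git-annex's key naming rather than taken from this page.

```python
"""Git object ids versus git-annex content keys (added example).

Not code from Git, git-annex or the articles above. The annex key layout
"SHA256-s<size>--<hex>" is an assumption about git-annex's key naming.
"""
import hashlib


def git_object_id(kind: str, data: bytes, algo: str = "sha1") -> str:
    """Return the object id Git assigns to `data` stored as a `kind` object.

    Git never hashes the file bytes alone: it hashes the header
    "<kind> <length>\\0" followed by the content. Two inputs that collide
    as raw SHA-1 messages therefore collide as Git blobs only if the
    collision also holds with that header prepended. With algo="sha256"
    this is the object id a SHA-256 repository would use.
    """
    header = f"{kind} {len(data)}\0".encode()
    return hashlib.new(algo, header + data).hexdigest()


def annex_key(data: bytes) -> str:
    """Content key in the assumed git-annex SHA256 backend shape.

    git-annex stores a pointer to this key in git; the key itself is a
    SHA-256 over the file content, independent of git's SHA-1 object id.
    """
    return f"SHA256-s{len(data)}--{hashlib.sha256(data).hexdigest()}"


def same_blob_different_key(a: bytes, b: bytes) -> bool:
    """True when Git would treat a and b as the same blob (equal SHA-1
    object ids) while their annex keys still differ, i.e. the SHA-1
    weakness does not carry over to the annexed content itself."""
    return (git_object_id("blob", a) == git_object_id("blob", b)
            and annex_key(a) != annex_key(b))


if __name__ == "__main__":
    # Constructed inputs; a real SHA-1 collision pair would be needed for
    # same_blob_different_key() to return True.
    sample = b"hello world\n"
    print("sha1 blob id   :", git_object_id("blob", sample))
    print("sha256 blob id :", git_object_id("blob", sample, "sha256"))
    print("annex key      :", annex_key(sample))
```

The empty blob gives the well-known id e69de29bb2d1d6434b8b29ae775ad8c2e48c5391, which `git hash-object -t blob /dev/null` also prints; that is the quickest check that the header construction matches Git's. The SHAttered PDFs were computed without Git's header, so they are distinct Git blobs, which is why "SHA1 is broken" and "Git is broken" are not the same statement, while a collision built with the header in mind would still be one.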
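For the SSH fingerprint item above, the practical check is to collect the host key over more than one network path and compare every observation against a fingerprint published out of band. The following added example (not code from the article or from OpenSSH) parses `ssh-keyscan`/known_hosts style lines, computes the SHA256 fingerprint in the form `ssh-keygen -l` prints, and reports which paths agree with the published value. The hostname, key bytes and the "observed" lines are constructed for the demonstration; in practice the Tor observations would come from something like `torsocks ssh-keyscan <host>` over fresh circuits.

```python
"""SSH host key fingerprint check across several paths (added example).

Not code from the article above or from OpenSSH. Host name, key material
and the observed lines below are constructed test data.
"""
from __future__ import annotations

import base64
import hashlib


def _ssh_string(b: bytes) -> bytes:
    """SSH wire encoding: 4-byte big-endian length followed by the bytes."""
    return len(b).to_bytes(4, "big") + b


def parse_keyscan_line(line: str) -> tuple[str, str, bytes]:
    """Parse one `ssh-keyscan` / known_hosts line into (host, keytype, blob).

    The key type declared in the line is cross-checked against the type
    string embedded at the start of the blob, so an inconsistently edited
    line is rejected rather than silently fingerprinted.
    """
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected '<host> <keytype> <base64 key>'")
    host, keytype, b64 = fields[0], fields[1], fields[2]
    blob = base64.b64decode(b64, validate=True)
    if blob[:4 + len(keytype)] != _ssh_string(keytype.encode()):
        raise ValueError("key type in line does not match key blob")
    return host, keytype, blob


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: SHA256 of the wire-format public key,
    base64 encoded with the trailing '=' padding removed."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verify_paths(observations: dict[str, str], expected: str) -> dict[str, bool]:
    """Map each path name (e.g. 'direct', 'tor-circuit-1') to whether the
    key seen on that path matches the out-of-band fingerprint.

    False on one path and True on the others points at interception of
    that path. False everywhere means either the published value is stale
    or the host is being impersonated on every path; neither is safe to
    accept with a TOFU prompt.
    """
    result: dict[str, bool] = {}
    for path, line in observations.items():
        try:
            _, _, blob = parse_keyscan_line(line)
            result[path] = fingerprint(blob) == expected
        except ValueError:
            result[path] = False
    return result


def make_ed25519_line(host: str, key32: bytes) -> str:
    """Build a known_hosts-style line for a constructed 32-byte ed25519 key."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(key32)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


# Constructed data: the host's real key and an attacker's substitute.
HOST = "vps.example.net"
REAL_KEY = bytes(range(32))
FAKE_KEY = bytes(range(32, 64))

# What the provider published out of band (here derived from REAL_KEY).
PUBLISHED_FINGERPRINT = fingerprint(parse_keyscan_line(make_ed25519_line(HOST, REAL_KEY))[2])

# Observations: the direct path is being intercepted, the Tor paths are not.
OBSERVED = {
    "direct": make_ed25519_line(HOST, FAKE_KEY),
    "tor-circuit-1": make_ed25519_line(HOST, REAL_KEY),
    "tor-circuit-2": make_ed25519_line(HOST, REAL_KEY),
}

if __name__ == "__main__":
    for path, ok in verify_paths(OBSERVED, PUBLISHED_FINGERPRINT).items():
        print(f"{path:14s} {'match' if ok else 'MISMATCH'}")
```

Only after every path reports a match should the line be written to known_hosts; a single mismatch is a reason to stop, not to pick the majority answer.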

"Almost All Windows vulnerabilities are enabled by liberal admin

MS already has almost total control over the systems of Win10 users, now they just need a little more to make it "safe." I call BS.

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
--Benjamin Franklin, 1759
